WireGuard VPN handshake successful but no traffic/ping

Yes, I can reach it.

Actually, WireGuard finally works as well.
And I can partly explain it for anybody else who might stumble across this.
I think it was a combination of multiple factors that played a crucial role.

So customer service told me that I have two VPN connections in the FritzBox system: one is the IPsec-based one and the other is the WireGuard one.
For whatever reason, FritzBox created the WireGuard connection/configuration with the same virtual IP address (192.168.0.202) as the existing IPsec one (I think I created that one earlier).
It could be that there was a bug in the FritzBox software that decides on the IP addresses when creating a new configuration, which led to this overlap.
I started using the then-experimental WireGuard support as soon as it was released, so maybe some checks were missing back then (you cannot manually set the IP address in the UI).
This explains for me why the IPsec configuration was not working until I recreated it today (it got assigned a different IP address (192.168.0.203), which is unique).

WireGuard is a bit complicated, and I'm not 100% sure what went wrong.
First, I must say that the WireGuard support in GNOME Settings is really far from perfect.
For example, I noticed that when you set the MTU in the dialogue here:


…it doesn't save the value and always resets it to 0 (which actually translates to 1420 bytes when the interface is created).
Only if you use the -/+ buttons to enter the value does it actually get saved and applied.

Then I noticed that when you import the WireGuard config using the Settings UI and activate the VPN, the ip addr configuration looks slightly different than the one generated by wg-quick.

GNOME Settings:

54: wg_config: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 192.168.0.201/24 brd 192.168.0.255 scope global noprefixroute wg_config
       valid_lft forever preferred_lft forever

wg-quick:

55: fritzbox: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 192.168.0.201/24 scope global fritzbox
       valid_lft forever preferred_lft forever

Not related to my issue (I should probably report this upstream):
Also, I had to change the endpoint from the myfritz.net domain to my DynDNS name, because otherwise the value was not accepted on import.
You also can't disable a VPN connection created by wg-quick using the Settings UI. It disappears but stays active.

Furthermore, I noticed that for whatever reason the packet loss is way higher when you create the VPN with GNOME Settings compared to wg-quick (I know it doesn't make sense, but that's just my observation. It probably has a different cause).
It could be that I sometimes simply didn't wait long enough when I tried pinging my LAN devices.

GNOME Settings:

--- 192.168.0.1 ping statistics ---
118 packets transmitted, 110 received, 6.77966% packet loss, time 117242ms
rtt min/avg/max/mdev = 295.280/334.844/525.726/40.173 ms

wg-quick:

--- 192.168.0.1 ping statistics ---
54 packets transmitted, 54 received, 0% packet loss, time 53008ms
rtt min/avg/max/mdev = 313.936/342.954/420.911/33.108 ms

I tried adding this network range to the client config, and the connection was established successfully, but in the end it worked without this addition as well, so I don't know…

Bottom line:
Check your router config for any duplicated IPs in both VPN tabs, and set up the WireGuard VPN with wg-quick, not GNOME Settings.

Edit: Yeah, the WireGuard support in GNOME is really buggy…
I wonder how this could get merged in such a bad state:

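The bottom line above boils down to two checks that are easy to get wrong by eye: does any client config reuse an address the router already handed to another VPN user, and does the peer's AllowedIPs actually cover the LAN host you are pinging. Below is an added example (my own code, not from this thread, AVM or GNOME) that parses wg-quick-style client configs and runs those checks, plus the MTU that will end up on the interface. Assumptions: the configs are the INI-style files wg-quick reads; the sample configs, addresses, endpoint host name and keys are constructed placeholders that mirror the situation in the post; and an MTU of 0 is treated as the 1420 default the poster observed. The IPsec user's virtual IP cannot be read from a WireGuard file, so it is passed in as a "reserved" address copied from the router UI.

```python
"""Check WireGuard client configs for duplicate addresses, AllowedIPs coverage and MTU.

Added example, not code from the thread, AVM or GNOME. Sample configs and keys
below are constructed placeholders, not real key material.
"""
import ipaddress
from collections import defaultdict

MULTI_VALUE_KEYS = {"Address", "AllowedIPs", "DNS"}  # comma-separated, may repeat


def parse_wg_config(text):
    """Parse a wg-quick config into {'Interface': {...}, 'Peers': [{...}, ...]}.

    Values of MULTI_VALUE_KEYS become lists; everything else stays a string.
    Text after '#' is a comment, as in wg(8)'s own config reader.
    """
    iface, peers, section = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip()
            if name == "Interface":
                section = iface
            elif name == "Peer":
                section = {}
                peers.append(section)
            else:
                raise ValueError(f"unknown section {name!r}")
            continue
        if section is None or "=" not in line:
            raise ValueError(f"unexpected line: {raw!r}")
        key, _, value = line.partition("=")  # base64 keys may contain '=' but the key name never does
        key, value = key.strip(), value.strip()
        if key in MULTI_VALUE_KEYS:
            section.setdefault(key, []).extend(v.strip() for v in value.split(","))
        else:
            section[key] = value
    return {"Interface": iface, "Peers": peers}


def effective_mtu(cfg, default=1420):
    """MTU that lands on the interface: an explicit positive value, else the default.
    (The post observed that GNOME stores 0, which turned into 1420.)"""
    value = int(cfg["Interface"].get("MTU", 0))
    return value if value > 0 else default


def allowed_ips_cover(cfg, target):
    """True if some peer's AllowedIPs contains target. If not, WireGuard neither
    routes packets for it into the tunnel nor accepts packets from it (cryptokey routing)."""
    ip = ipaddress.ip_address(target)
    return any(ip in ipaddress.ip_network(net, strict=False)
               for peer in cfg["Peers"] for net in peer.get("AllowedIPs", []))


def find_duplicate_addresses(configs, reserved=None):
    """configs: {label: config_text}; reserved: {ip: label} for addresses assigned
    outside these files (e.g. an IPsec user's virtual IP from the router UI).
    Returns {ip: [labels]} for every address that appears more than once."""
    owners = defaultdict(list)
    for label, text in configs.items():
        for addr in parse_wg_config(text)["Interface"].get("Address", []):
            owners[ipaddress.ip_interface(addr).ip].append(label)
    for ip, label in (reserved or {}).items():
        owners[ipaddress.ip_address(ip)].append(label)
    return {str(ip): labels for ip, labels in owners.items() if len(labels) > 1}


# Constructed samples: two exported client configs and one address the router
# already assigned to an IPsec user (copied from the other VPN tab).
WG_LAPTOP = """\
[Interface]
PrivateKey = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
Address = 192.168.0.202/24
MTU = 0

[Peer]
PublicKey = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
AllowedIPs = 192.168.0.0/24
Endpoint = router.example.invalid:51820
"""
WG_PHONE = """\
[Interface]
PrivateKey = CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC=
Address = 192.168.0.203/24
MTU = 1280

[Peer]
PublicKey = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
AllowedIPs = 192.168.0.0/24, fd00::/64
Endpoint = router.example.invalid:51820
"""
RESERVED = {"192.168.0.202": "IPsec user (router VPN tab)"}


def report(configs=None, reserved=RESERVED, lan_host="192.168.0.1"):
    """Run all checks, print a summary and return the duplicate map."""
    configs = configs if configs is not None else {"laptop": WG_LAPTOP, "phone": WG_PHONE}
    dups = find_duplicate_addresses(configs, reserved)
    for ip, labels in dups.items():
        print(f"DUPLICATE {ip}: {', '.join(labels)}")
    for label, text in configs.items():
        cfg = parse_wg_config(text)
        print(f"{label}: MTU {effective_mtu(cfg)}, AllowedIPs covers {lan_host}: "
              f"{allowed_ips_cover(cfg, lan_host)}")
    return dups


if __name__ == "__main__":
    report()
```

Point it at your real exported configs and the addresses shown in the router's other VPN tab; a non-empty result from `find_duplicate_addresses` is the overlap the post describes, and a `False` from `allowed_ips_cover` for the LAN host explains a successful handshake with no ping replies just as well.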